mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2025-02-14 20:11:52 +00:00
Added automatic switch to AMT TLS when enabling.
This commit is contained in:
Ylian Saint-Hilaire
parent
08c46be4a2
commit
dd17e72ead
1 changed files with 17 additions and 13 deletions
|
|
@ -371,17 +371,19 @@ module.exports.CreateAmtManager = function(parent) {
|
||||||
// TODO: Enable redirection port and KVM
|
// TODO: Enable redirection port and KVM
|
||||||
|
|
||||||
// Perform Intel AMT clock sync
|
// Perform Intel AMT clock sync
|
||||||
attemptSyncClock(dev, function () {
|
attemptSyncClock(dev, function (dev) {
|
||||||
// Check Intel AMT TLS state
|
// Check Intel AMT TLS state
|
||||||
attemptTlsSync(dev, function () {
|
attemptTlsSync(dev, function (dev) {
|
||||||
|
// If we need to switch to TLS, do it now.
|
||||||
|
if (dev.switchToTls == 1) { delete dev.amtstack; delete dev.switchToTls; attemptInitialContact(dev); return; }
|
||||||
// Check Intel AMT root certificate state
|
// Check Intel AMT root certificate state
|
||||||
attemptRootCertSync(dev, function () {
|
attemptRootCertSync(dev, function (dev) {
|
||||||
// Check Intel AMT CIRA settings
|
// Check Intel AMT CIRA settings
|
||||||
attemptCiraSync(dev, function () {
|
attemptCiraSync(dev, function (dev) {
|
||||||
// Check Intel AMT settings
|
// Check Intel AMT settings
|
||||||
attemptSettingsSync(dev, function() {
|
attemptSettingsSync(dev, function (dev) {
|
||||||
// See if we need to get hardware inventory
|
// See if we need to get hardware inventory
|
||||||
attemptFetchHardwareInventory(dev, function () {
|
attemptFetchHardwareInventory(dev, function (dev) {
|
||||||
dev.consoleMsg('Done.');
|
dev.consoleMsg('Done.');
|
||||||
|
|
||||||
// Remove from task limiter if needed
|
// Remove from task limiter if needed
|
||||||
|
|
@ -644,7 +646,7 @@ module.exports.CreateAmtManager = function(parent) {
|
||||||
if (amtPolicy < 2) {
|
if (amtPolicy < 2) {
|
||||||
// No policy or deactivation, do nothing.
|
// No policy or deactivation, do nothing.
|
||||||
dev.consoleMsg("No server policy for Intel AMT");
|
dev.consoleMsg("No server policy for Intel AMT");
|
||||||
func();
|
func(dev);
|
||||||
} else {
|
} else {
|
||||||
// Manage in CCM or ACM
|
// Manage in CCM or ACM
|
||||||
dev.taskCount = 1;
|
dev.taskCount = 1;
|
||||||
|
|
@ -794,7 +796,9 @@ module.exports.CreateAmtManager = function(parent) {
|
||||||
delete dev.aquired.xhash;
|
delete dev.aquired.xhash;
|
||||||
UpdateDevice(dev);
|
UpdateDevice(dev);
|
||||||
|
|
||||||
// TODO: Switch our communications to TLS (Restart our management of this node)
|
// Switch our communications to TLS (Restart our management of this node)
|
||||||
|
dev.switchToTls = 1;
|
||||||
|
delete dev.tlsfail;
|
||||||
devTaskCompleted(dev);
|
devTaskCompleted(dev);
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
@ -808,7 +812,7 @@ module.exports.CreateAmtManager = function(parent) {
|
||||||
// Check if Intel AMT has the server root certificate
|
// Check if Intel AMT has the server root certificate
|
||||||
function attemptRootCertSync(dev, func) {
|
function attemptRootCertSync(dev, func) {
|
||||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||||
if ((dev.connType != 2) || (dev.policy.ciraPolicy != 2)) { func(); return; } // Server root certificate does not need to be present is CIRA is not needed
|
if ((dev.connType != 2) || (dev.policy.ciraPolicy != 2)) { func(dev); return; } // Server root certificate does not need to be present is CIRA is not needed
|
||||||
|
|
||||||
// Find the current TLS certificate & MeshCentral root certificate
|
// Find the current TLS certificate & MeshCentral root certificate
|
||||||
var xxMeshCentralRoot = null;
|
var xxMeshCentralRoot = null;
|
||||||
|
|
@ -827,7 +831,7 @@ module.exports.CreateAmtManager = function(parent) {
|
||||||
dev.consoleMsg("Added server root certificate.");
|
dev.consoleMsg("Added server root certificate.");
|
||||||
devTaskCompleted(dev);
|
devTaskCompleted(dev);
|
||||||
});
|
});
|
||||||
} else { func(); }
|
} else { func(dev); }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -838,7 +842,7 @@ module.exports.CreateAmtManager = function(parent) {
|
||||||
// Check if Intel AMT has the server root certificate
|
// Check if Intel AMT has the server root certificate
|
||||||
function attemptCiraSync(dev, func) {
|
function attemptCiraSync(dev, func) {
|
||||||
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
if (isAmtDeviceValid(dev) == false) return; // Device no longer exists, ignore this request.
|
||||||
if ((dev.connType != 2) || ((dev.policy.ciraPolicy != 1) && (dev.policy.ciraPolicy != 2))) { func(); return; } // Only setup CIRA when LMS connection is used and a CIRA policy is enabled.
|
if ((dev.connType != 2) || ((dev.policy.ciraPolicy != 1) && (dev.policy.ciraPolicy != 2))) { func(dev); return; } // Only setup CIRA when LMS connection is used and a CIRA policy is enabled.
|
||||||
|
|
||||||
// Get current CIRA settings
|
// Get current CIRA settings
|
||||||
// TODO: We only deal with remote access starting with Intel AMT 6 and beyond
|
// TODO: We only deal with remote access starting with Intel AMT 6 and beyond
|
||||||
|
|
@ -1122,7 +1126,7 @@ module.exports.CreateAmtManager = function(parent) {
|
||||||
dev.amtstack.BatchEnum('', ['*CIM_ComputerSystemPackage', 'CIM_SystemPackaging', '*CIM_Chassis', 'CIM_Chip', '*CIM_Card', '*CIM_BIOSElement', 'CIM_Processor', 'CIM_PhysicalMemory', 'CIM_MediaAccessDevice', 'CIM_PhysicalPackage'], attemptFetchHardwareInventoryResponse);
|
dev.amtstack.BatchEnum('', ['*CIM_ComputerSystemPackage', 'CIM_SystemPackaging', '*CIM_Chassis', 'CIM_Chip', '*CIM_Card', '*CIM_BIOSElement', 'CIM_Processor', 'CIM_PhysicalMemory', 'CIM_MediaAccessDevice', 'CIM_PhysicalPackage'], attemptFetchHardwareInventoryResponse);
|
||||||
dev.amtstack.BatchEnum('', ['AMT_EthernetPortSettings'], attemptFetchNetworkResponse);
|
dev.amtstack.BatchEnum('', ['AMT_EthernetPortSettings'], attemptFetchNetworkResponse);
|
||||||
} else {
|
} else {
|
||||||
if (func) { func(); }
|
if (func) { func(dev); }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -1361,7 +1365,7 @@ module.exports.CreateAmtManager = function(parent) {
|
||||||
// Called this when a task is completed, when all tasks are completed the call back function will be called.
|
// Called this when a task is completed, when all tasks are completed the call back function will be called.
|
||||||
function devTaskCompleted(dev) {
|
function devTaskCompleted(dev) {
|
||||||
dev.taskCount--;
|
dev.taskCount--;
|
||||||
if (dev.taskCount == 0) { var f = dev.taskCompleted; delete dev.taskCount; delete dev.taskCompleted; if (f != null) { f(); } }
|
if (dev.taskCount == 0) { var f = dev.taskCompleted; delete dev.taskCount; delete dev.taskCompleted; if (f != null) { f(dev); } }
|
||||||
}
|
}
|
||||||
|
|
||||||
function guidToStr(g) { return g.substring(6, 8) + g.substring(4, 6) + g.substring(2, 4) + g.substring(0, 2) + '-' + g.substring(10, 12) + g.substring(8, 10) + '-' + g.substring(14, 16) + g.substring(12, 14) + '-' + g.substring(16, 20) + '-' + g.substring(20); }
|
function guidToStr(g) { return g.substring(6, 8) + g.substring(4, 6) + g.substring(2, 4) + g.substring(0, 2) + '-' + g.substring(10, 12) + g.substring(8, 10) + '-' + g.substring(14, 16) + g.substring(12, 14) + '-' + g.substring(16, 20) + '-' + g.substring(20); }
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue